Timeline for Grover algorithm for public key cryptography - FrodoKEM
Current License: CC BY-SA 4.0
6 events
when | what | action | by | license | comment |
---|---|---|---|---|---|
Nov 12, 2021 at 20:53 | history | edited | poncho | CC BY-SA 4.0 | added 713 characters in body |
Nov 12, 2021 at 18:12 | comment | added | poncho | | @Fleeep: ok, I modified my answer to address this alternative attack |
Nov 12, 2021 at 18:12 | history | edited | poncho | CC BY-SA 4.0 | added 1065 characters in body |
Nov 12, 2021 at 17:55 | comment | added | poncho | | @Fleeep: my apologies; I had thought that Frodo-640 took a longer secret seed - double checking, I see that it doesn't. Then, yes, you could use Grover's to recover it; on the other hand, I suspect that'll be a constant factor more complex than attacking the symmetric system that uses the seed, but it's certainly possible (if impractical; see above) |
Nov 12, 2021 at 15:45 | comment | added | Fleeep | | Why would you not be able to attack (= build the fitness function) the initial seed (which also has 128 bits) used to generate the (sk, pk) pair using Grover? This would assume that finding a sk (or rather a seed that is expanded to a sk) that results in the same pk allows you to decapsulate successfully. |
Nov 12, 2021 at 13:27 | history | answered | poncho | CC BY-SA 4.0 | |